vscode-docker icon indicating copy to clipboard operation
vscode-docker copied to clipboard
verified publisher icon microsoft

[Codespaces] Fail to create a new ACI context in codespace environment

Open v-ruizh opened this issue 5 years ago • 7 comments

OS: Windows 10 Build Version: 20201012.4

Repro Steps:

  1. Connect to a codespace and install new CLI into this codespace.
  2. Right click on one image in the registries view -> Deploy Image to Azure Container Instances... -> Create a new ACI context following the wizard.
  3. Check the result.

Expect: Succeed to create a new ACI context.

Actual: Fail to create a new ACI context. (There is no sign in wizard during creating ACI context) image

More Info: This issue does not reproduce without codespace.

v-ruizh avatar Oct 13 '20 08:10 v-ruizh

@karolz-ms this is definitely going to be an issue. Any ideas how to solve it?

bwateratmsft avatar Oct 13 '20 13:10 bwateratmsft

@gtardif I thought if browser cannot be opened the CLI will fall back to device flow https://github.com/docker/compose-cli/pull/575 https://github.com/docker/compose-cli/issues/510 ... but maybe PR 575 does not cover this case?

@bwateratmsft for now, to get through the rest of the scenario we should probably log in to Azure (Docker CLI) using a service principal https://docs.docker.com/engine/context/aci-integration/#log-into-azure You create a resource group:

az login
az group create --name myresourcegroup --location westus2

then you create an associated service principal:

az ad sp create-for-rbac --name http://sp-myresourcegroup --role contributor --socpes $(az group show --name myresourcegroup --query '[id]' --output tsv) --sdk-auth

The resulting JSON blob will contain the client ID and secret to use for docker login azure

karolz-ms avatar Oct 13 '20 16:10 karolz-ms

Running through the scenario today I see two issues:

  1. When one initiates step 2 without being logged to Azure via Docker CLI (docker login azure), the extension displays "Creating ACI context 'blah'" toast and just never progresses from there.

    After logging in to Azure (using device login flow, which Docker CLI correctly executes) the rest of the process of creating a context and completing the deployment to ACI works

  2. (after successful deployment) The Containers pane is not able to show the running ACI container. Instead, the pane shows Error: 14 UNAVAILABLE: No connection established error message. Docker CLI (docker ps, docker logs etc) work fine.

I won't be able to work on this this week (sorry), so re-assigning to @bwateratmsft

karolz-ms avatar Nov 02 '20 20:11 karolz-ms

There must be something wrong with the login flow, in that case. The code already attempts to log in if it gets a specific error (5) back from the first attempt: https://github.com/microsoft/vscode-docker/blob/master/src/tree/contexts/aci/AciContextCreateStep.ts#L24-L37

I'm guessing that docker login azure we're trying is hanging or something like that.

bwateratmsft avatar Nov 03 '20 14:11 bwateratmsft

Oh, I see. It's trying to do device auth but can't because it's doing this in the background. We should move the docker login azure to the terminal.

bwateratmsft avatar Nov 03 '20 18:11 bwateratmsft

@gtardif, regarding the Error: 14 UNAVAILABLE: No connection established: I assume the gRPC service is not running in a codespace. Is there any way to make it start?

bwateratmsft avatar Nov 03 '20 18:11 bwateratmsft

Potentially fixed by #3263.

bwateratmsft avatar Dec 02 '21 19:12 bwateratmsft

Closing since we're doing ACA instead with #3535.

bwateratmsft avatar Oct 14 '22 17:10 bwateratmsft